18 replies to this topic

[Irongeek]

Anyone else watch the "Hacking Democracy" documentary yet?

http://en.wikipedia....cking_Democracy

A few things I found interesting so far:

1. They keep opening the source code that looks like it has Unix style line feeds in MS Notepad, which makes for some really unreadable code. Funny that the source would use Unix line feeds, when it all seems to be Windows based.

2. Keeping the raw votes in an MS Access database with no protections? Fugly.

3. Like how the Diebold guy said the source was stolen, when Bev Harris seems to have found it on an open FTP site via Google. Maybe she is a Johnny Long fan.

4. I've got to looks up more stuff on this Accubasic (You see a fold in the screen shots called Abasic).

Any body else watch this yet?

[riscphree]

From what you have said, I'm going to go ahead and watch it since it seems interesting.

2. Keeping the raw votes in an MS Access database with no protections? Fugly.

You've got to be kidding right? Thats just wrong on so many levels.

[Rightcoast]

No I watched it and he wasn't kidding. The votes are stored in an Access database as what seems to be interpreted by Diebold as a "protective" feature. See, far from leet Bev can't tinker with the main program. Security feature ... check. At least from a Grandma. She is a tenacious grandma though, and found the votes were stored in an Access DB. She sat down on camera with Howard "Hoooooooooaaaaaaaaaah" Dean and showed him how while the main program seems OK, the Access backend data can be changed in under a second or two, shifting a fake setup election they had for the camera that day with like 4 keystrokes. Security problem .. check.

The best part (I thought) was that since voting is always a private affair, the miscast votes are rarely caught on camera. There was a Rebulican candidate who took a college buddy with a small camera in to see the machines during the time the candidate were allowed to preview the machines. LA is a pretty Democratic district, and the ladys votes were going to a Dem every time she hit her name. Bev touches on this, how in areas like FL and Ohio the machines are obviously slanted towards Republicans, while in Seattle and Louisiana, the bias is toward Democrats.

I did enjoy seeing the California Secretary rip into the Diebold CEO when he kept insisting the source code was "stolen".

The movie serves to illustrate what a banana republic the country has become. Stay home, voting is pointless unless you were smart enough to get an absentee ballot. Why demean yourself and delude yourself into thinking it matters. It used to, but no longer. You vote only counts if you see a yellow button and feel like risking election fraud and fixing it so you can vote multiple times. To think I have worked on campaigns and in grassroots efforts before. What a waste of my fucking life.

[notyourtim]

Back when my county used paper ballots, I voted for a write-in candidate. When I checked the results for my district in the local paper after the election, my candidate showed no votes. I was irked, but I could imagine a couple of valid reasons why my vote might have disappeared. First, they might not have counted any of the write-in votes unless they had enough of them to potentially shift the result of the election. (My write-in would have had to be manually examined, since unlike the standard entries, it could not be fully read by machine.) Second, the name of my write-in candidate was not posted at the polling site, which is against the rules as I understand them. Perhaps it was not posted because the candidate had somehow been invalidated before election day. Thus, my vote would have been invalid as well.

Now my county has Diebold machines. I'm going to vote for a "3rd-party" candidate I happen to agree with. The candidate's name is on the sample ballot and will have a normal button on the screen, so there's no reason for my district's returns not to show a "1" for my vote when the results are announced. (Or maybe a "2" if the candidate's mom happens to live in my district, too.)

We'll see what actually happens.

[MoD]

I'll be watching it in about 20 minutes.

[Professor Bagelwood]

Makes you wonder. What would need to happen for us as a nation to wake the hell up? It's entirely possible to have electronic voting and have accurate representations of the votes, if only we had the will to use that crazy thing call "cryptography" and "verification." But gee, who has the time for that?

On a sidenote, did anybody see the Slashdot article about how we could make everything all nice and verifiable? I'll link you directly to the site of the guy who thought of a brilliant way to do all of this. Link.

And to go from a sidenote to a complete tangent, would you all mind doing me a favor and digging the thing in my signature to get a certain Cowboy Bebop game brought to the USA? Completely unrelated to the topic though so please don't reply about it since I don't want to hijack the thread, but yeah, thanks to those that help. [/shameless tangent]

[Seal]

I just finished watching it.

Fantastic. I mean, I don't believe that discrepencies in the previous elections were due to manipulative hacking; but its a huge [and deserving] blow to Diebold's highly inadequate policy of security through obscurity. That and their policy of public misinformation.

Obscurity has no place in the mechanics of public elections.
However, that's against the best interests of American corporations ("trade secrets").
Therefore, elections should not be in the hands of those corporations.

[StankDawg]

VOTE FOR STANKDAWG! STANKDAWG FOR PRESIDENT! HACK THE VOTE!!

[xGERMx]

Wow, very um.....enlightening scary stuff.
Can anyone verify if those Accu-Vote cards were PCMCIA?
My favorite part of the movie was when they first showed them opening up GEMS; if you look closely, you'll notice that the machine has BearShare installed on it. Even if that computer was just for demonstration purposes, it makes me giggle.
They might as well of used BonziBuddy to calculate the votes aloud.

[Mr. White]

I was irked, but I could imagine a couple of valid reasons why my vote might have disappeared. First, they might not have counted any of the write-in votes unless they had enough of them to potentially shift the result of the election.

That is how most areas do it. Unless the total number of absentee ballots are close or more than the gap in the vote then they are not counted.

I'm watching the documentary on google vid for free now, no need for HBO. Seems to have the same stuff as this article.

The central server being a modem pool with XP and an Access Database. Now that's a fucking joke. Unencrypted Access database. They weren't even trying.

Edited by Mr. White, 06 November 2006 - 10:10 PM.

[lmnk]

VOTE FOR STANKDAWG! STANKDAWG FOR PRESIDENT! HACK THE VOTE!!

When I go to vote tomorrow, I will.

I just got done watching this video and as far as the idea of open sourcing the code is, it boils down to: is it more risky to have closed source that can't be reviewed by anyone, or open code where someone could locate a hole in and exploit that hole on election day. I don't know which is better overall, but in the scenario of a company that leaves the source in an open ftp directory, they should open it up for everybody.

I think that because the public inspection of the voting machines is for the first time limited to "you can only look at the parts that we want you to be able to look at" makes it harder to trust, and on top of that it is so much easier for something malicious to be inserted without sending up any warning flags.

[j4mes]

I was going to post something about this when I saw that. Unfortunately, I got side tracked and now see that it has been posted. To me, this isn't terribly surprising. Elections have been rigged since the beginning.

I didn't know that you were on the ballot, Stankdawg. I'll cast my vote.

[lowtec]

The Presidential election is NEXT year ;P

Also, absentee voting is not any better than electronic voting because in most cases (when absentee votes are counted) they are just entered into an electronic machine by a human.

Everyone here should read the paper by the security researchers at Princeton who managed to get a hold of an old version Diebold AccuVote .. here: http://itpolicy.princeton.edu/voting/

[LUCKY_FUCKIN_CHARMS]

it was interesting to watch. makes me wanna go dumpster diving too.

[Noven]

I just got done watching this video and as far as the idea of open sourcing the code is, it boils down to: is it more risky to have closed source that can't be reviewed by anyone, or open code where someone could locate a hole in and exploit that hole on election day. I don't know which is better overall, but in the scenario of a company that leaves the source in an open ftp directory, they should open it up for everybody.

I think voting software absolutely *has* to be open source. Elections have been rigged since the beginning of time, and the best defence against that is transparency. Introduce a code bounty offering $1k or so to anyone who submits an accurate and exploitable security hole, maybe a smaller bounty for theoretical security problems. You'll have any holes revealed and fixed before the election.

[notyourtim]

This morning I checked the election results on the web and found that the voting machines had indeed counted several hundred votes for my 3rd-party candidate in my county. I couldn't find results broken down by polling place, but that should be about 1 or 2 votes per polling place. There were also counts for various write-in votes, although some of them were lumped into an "other write-in" category (presumably some voters are still holding out for Pat Paulsen).

So this doesn't say anything about security, but at least some basic vote-counting functionality seems to be there.

Mrs. Notyourtim experienced the infamous "poke party A's button get party B" problem with the Diebold machines. This seems unlikely to be a deliberate attempt to sway the election to me. If I wanted to shift votes, instead of making it so obvious I'd make the screen display what the user wanted and change the tallies inside the machine instead.

[xGERMx]

Even after watching that, I tend to think that voting is still more secure now than it ever has been.
That may not be saying much (at all) but, would anyone disagree with that?

[Seal]

Even after watching that, I tend to think that voting is still more secure now than it ever has been.
That may not be saying much (at all) but, would anyone disagree with that?

It is both quicker and easier to edit the outcome of 600 votes with a few [or even no] keystrokes, than it is to manually change 600 old school ballots by hand. This is especially true in a situation whereby time is metered and of the essence. The only failure in such an "antiquated" system is the delivery of the said ballot counts; but that's just as much of a problem today than it was then.

In any case, at least the public can follow every step of the old-school ballot system should anything go wrong. There are no black boxes where unknowns exist.

[xGERMx]

I see where you were going and for the most part I agree with you but, what I was eluding to were things like rigging of the elections through other means. Example being, many people believe that in the 1960's, the mafia pulled strings in order to get Kennedy elected.
I meant in general (not specifically Diebold or ESS), Electronic voting (which has been in use since the 80s) is more secure than other means.
99 percent of the time, a computer (if programmed correctly) is going to be more accurate than a human.